Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiWeb 6.3.11 Administration Guide
    6.3.11
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    Caching

    Caching

    To improve performance of your back-end network and servers by reducing their traffic and processing load, you can configure FortiWeb to cache responses from your servers.

    Normally, FortiWeb forwards all allowed requests to your servers. This results in a 1:1 ratio of client-side to server-side traffic. When content caching is enabled, however, FortiWeb will forward only requests for content that:

    When many requests are for cached content, the ratio of traffic changes to n:1.

    Content caching provides the greatest benefit for things that rarely change, such as icons, background images, movies, PDFs, and static HTML.

    To configure the web caching, you must enable it by going to System > Config > Feature Visibility.

    When you create or edit an HTTP server policy in Policy > Server Policy and enable Web Cache, a web cache policy will be automatically created in Application Delivery > Caching. While if you delete the web cache enabled HTTP server policy, or disable Web Cache in the HTTP server policy, the related web cache policy will be removed automatically. The web cache policy includes no rules, and you need to configure the web cache rules for the policy.

    To configure web content caching
    1. Go to Application Delivery > Caching.
    2. Click to select the web cache policy that you want to configure the rule for.
    3. Click Edit.
      On Edit Web Cache Policy page, you can view the following information:
      • The policy name that quotes the web cache policy;
      • The statistics on the hit count in the last 24 hours;
      • The web cache status: Caching and Clearing the cache; when it is Clearing the cache status, page content will not be cached until all cache data is successfully cleared; and the status will return to "Caching".
    4. Click Create New to configure web content caching rule.
      When multiple web cache rules are defined in a web cache policy, and an HTTP request matches a specific web cache rule, FortiWeb will take actions according to the web cache rule settings.
    5. Configure these settings:

      Global Settings

      Host Status

      Enable to require that the Host: field of the HTTP request match a protected host names entry in order to match the rule. Also configure Host.

      Host

      Select which protected host names entry (either a web host name or IP address) that the Host: field of the HTTP request must be in to match the policy.

      This option is available only when Host Status is enabled.

      Path

      Enter a path for your web pages, for example /test, a prefix of a set of URLs.

      HTTP Method

      Select whether to cache the response contents according to the HTTP method you use.

      • GET, HEAD (Recommended)
      • GET, HEAD, OPTIONS
      • GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

      Return Code

      Select whether to cache the response contents according to the response code.

      • 200 (Recommended)
      • 200, 206
      • 200, 206, 301, 302

      Cache File Type

      Select whether to cache the response contents according to the content type.

      • Text
      • Picture
      • Media
      • Binary
      • Other

      Key Generation Factor

      Select the protocol variable that you want to use to generate the cache key.

      • Method, such as GET, POST, HEAD, etc.
      • Protocol, the string can be either “http://” or “https://”;
      • Host
      • URL
      • Arguments, for example in request http://host.com/test.php?a=1&b=2
        , the Arguments string is “a=1&b=2”.
      • CookiesOnce you have created a web cache rule, you can edit the rule to indicate cookies in HTTP requests and append them to the key string to generate the cache key.

      Validity Settings

      Cache Inactive After

      Specify a timeout threshold that the cache becomes invalid and needs to be refreshed. After the timeout, the cached web contents will be removed automatically.

      Force Client Cache Refresh

      Enable to clear the cache based on the specified period.

      Client Cache Refresh After

      Enter a period specified by max-age so that if the client requests the same contents again in the period, the client can obtain the web content from local cache directly.
    6. Click OK.
    7. In Bypass Sub URL, you can configure the URLs not to be cached.
      Click Create New.
    8. Configure these settings.

      HTTP Method

      Select the HTTP method in which the request URL is included.

      URL Type

      Select whether the URL Expression field must contain either:

      • Simple String—The field is a string that the request sub URLmust match exactly.
      • Regular Expression—The field is a regular expression that defines a set of matching sub URLs.

      URL Expression

      Depending on your selection in URL Type, enter either:

      • Simple String—Enter a literal sub URL, such as /exp that the HTTP request must contain in order to match the rule, or use wildcards to match multiple sub URLs, such as /exp/* or /exp/*/index.htm. The sub URL must begin with a slash ( / ).
      • Regular Expression—A regular expression, such as ^/*.php, matching the sub URLs to which the rule should apply. The pattern does not require a slash ( / ), but it must match sub URLs that begin with a slash, such as /index.cfm.

      To test a regular expression, click the >> (test) icon. This icon opens the Regular Expression Validator window from which you can fine-tune the expression. For details, see Regular expression syntax.

      Bypass Arguments

      Enable this option and enter the argument name so that the request matches the bypass URL only when the request brings the specific arguments.

      Bypass Cookies

      Enable this option and enter the cookie name so that the request matches the bypass URL only when the request brings the specific cookies.
    9. Click OK.
      You can continue creating multiple bypass sub URL lists.
    See also
    Previous
    Next

    Caching

    Caching

    To improve performance of your back-end network and servers by reducing their traffic and processing load, you can configure FortiWeb to cache responses from your servers.

    Normally, FortiWeb forwards all allowed requests to your servers. This results in a 1:1 ratio of client-side to server-side traffic. When content caching is enabled, however, FortiWeb will forward only requests for content that:

    When many requests are for cached content, the ratio of traffic changes to n:1.

    Content caching provides the greatest benefit for things that rarely change, such as icons, background images, movies, PDFs, and static HTML.

    To configure the web caching, you must enable it by going to System > Config > Feature Visibility.

    When you create or edit an HTTP server policy in Policy > Server Policy and enable Web Cache, a web cache policy will be automatically created in Application Delivery > Caching. While if you delete the web cache enabled HTTP server policy, or disable Web Cache in the HTTP server policy, the related web cache policy will be removed automatically. The web cache policy includes no rules, and you need to configure the web cache rules for the policy.

    To configure web content caching
    1. Go to Application Delivery > Caching.
    2. Click to select the web cache policy that you want to configure the rule for.
    3. Click Edit.
      On Edit Web Cache Policy page, you can view the following information:
      • The policy name that quotes the web cache policy;
      • The statistics on the hit count in the last 24 hours;
      • The web cache status: Caching and Clearing the cache; when it is Clearing the cache status, page content will not be cached until all cache data is successfully cleared; and the status will return to "Caching".
    4. Click Create New to configure web content caching rule.
      When multiple web cache rules are defined in a web cache policy, and an HTTP request matches a specific web cache rule, FortiWeb will take actions according to the web cache rule settings.
    5. Configure these settings:

      Global Settings

      Host Status

      Enable to require that the Host: field of the HTTP request match a protected host names entry in order to match the rule. Also configure Host.

      Host

      Select which protected host names entry (either a web host name or IP address) that the Host: field of the HTTP request must be in to match the policy.

      This option is available only when Host Status is enabled.

      Path

      Enter a path for your web pages, for example /test, a prefix of a set of URLs.

      HTTP Method

      Select whether to cache the response contents according to the HTTP method you use.

      • GET, HEAD (Recommended)
      • GET, HEAD, OPTIONS
      • GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

      Return Code

      Select whether to cache the response contents according to the response code.

      • 200 (Recommended)
      • 200, 206
      • 200, 206, 301, 302

      Cache File Type

      Select whether to cache the response contents according to the content type.

      • Text
      • Picture
      • Media
      • Binary
      • Other

      Key Generation Factor

      Select the protocol variable that you want to use to generate the cache key.

      • Method, such as GET, POST, HEAD, etc.
      • Protocol, the string can be either “http://” or “https://”;
      • Host
      • URL
      • Arguments, for example in request http://host.com/test.php?a=1&b=2
        , the Arguments string is “a=1&b=2”.
      • CookiesOnce you have created a web cache rule, you can edit the rule to indicate cookies in HTTP requests and append them to the key string to generate the cache key.

      Validity Settings

      Cache Inactive After

      Specify a timeout threshold that the cache becomes invalid and needs to be refreshed. After the timeout, the cached web contents will be removed automatically.

      Force Client Cache Refresh

      Enable to clear the cache based on the specified period.

      Client Cache Refresh After

      Enter a period specified by max-age so that if the client requests the same contents again in the period, the client can obtain the web content from local cache directly.
    6. Click OK.
    7. In Bypass Sub URL, you can configure the URLs not to be cached.
      Click Create New.
    8. Configure these settings.

      HTTP Method

      Select the HTTP method in which the request URL is included.

      URL Type

      Select whether the URL Expression field must contain either:

      • Simple String—The field is a string that the request sub URLmust match exactly.
      • Regular Expression—The field is a regular expression that defines a set of matching sub URLs.

      URL Expression

      Depending on your selection in URL Type, enter either:

      • Simple String—Enter a literal sub URL, such as /exp that the HTTP request must contain in order to match the rule, or use wildcards to match multiple sub URLs, such as /exp/* or /exp/*/index.htm. The sub URL must begin with a slash ( / ).
      • Regular Expression—A regular expression, such as ^/*.php, matching the sub URLs to which the rule should apply. The pattern does not require a slash ( / ), but it must match sub URLs that begin with a slash, such as /index.cfm.

      To test a regular expression, click the >> (test) icon. This icon opens the Regular Expression Validator window from which you can fine-tune the expression. For details, see Regular expression syntax.

      Bypass Arguments

      Enable this option and enter the argument name so that the request matches the bypass URL only when the request brings the specific arguments.

      Bypass Cookies

      Enable this option and enter the cookie name so that the request matches the bypass URL only when the request brings the specific cookies.
    9. Click OK.
      You can continue creating multiple bypass sub URL lists.
    See also
    Previous
    Next